You must Sign In to post a response.
  • Category: ASP.NET

    Password should not be visible in view source

    I have change password page, i entered old and new password and clicked submit button. Now if i see the view source am able to see the old and new password in plain text. How to restrict the user from viewing the password in view source.

    I don't want to disable view source, what other way i can implement this?
  • #768975
    Hi,

    If you want to hide it from the end user who is viewing your site from a browser? If so, there's no way to do it. Your browser *has* to have that sent in clear-text, otherwise it cannot render it.

    There are ways you can make it harder to obtain, but in the end, a smart or persistent person can get to the source no matter what you do.

    For example, if you use the "disable right click" trick to make it so people can't view your source, all they'd have to do is disable javaScript and they could access it. Another option is to simply look at the temporary internet files to see what source the browser used to render the page. In short, there's nothing you can do to keep your HTML/JavaScript/CSS safe from peering eyes.

    Basically view source should not have any confidential data that was the part of secured website development.

    Thanks,
    Mani

  • #768976
    How can i restrict the confidential data to be NOT available in view source?

  • #768977
    My Suggestion would be, If you have a view source page which has confidential data. Better don't allow user to click on the right click event on mouse. So if they are not able to see the view source page that itself considered to be a secured data.

    Please check the below link for disabling the right click event in mouse.


    http://rainbow.arch.scriptmania.com/scripts/no_right_click.html


    Thanks,
    Mani

  • #768997
    Hi,

    What are all the inputs we have given we can able to view it in browser mode, if you want to hide it you can go with display:none in html tag,

    <input type="password" style="display:none"/>

    since we can able to set the display in browser mode that option also not preferable.

    The best way to hide the secured information is using autocomplete : off property in either form level or control level.


    <form method="post" action="/form" autocomplete="off">
    […]
    </form>


    I guess this helps you to disable the secured info in browser mode.

    Refer below link this might be helpful to you.
    https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

    --------------------------------------------------------------------------------
    Give respect to your work, Instead of trying to impress your boss.

    N@veen
    Blog : http://naveens-dotnet.blogspot.in/

  • #769009
    You can use given code snippet in your source to restrict the user to disable mouse click to view source code
     <html>
    <head>
    <script>
    function disableClick(){
    document.onclick=function(event){
    if (event.button == 2) {
    alert('Right Click Message');
    return false;
    }
    }
    }
    </script>
    </head>
    <body onLoad="disableClick()">
    </body>
    </html>


  • Sign In to post your comments